Let's get random: Under the hood of PHP 7's CSPRNG

Randomness is really important in many cryptographic contexts. Unfortunately, true randomness is a non-trivial achievement for computers. In fact, using weak sources of randomness can leave your application open to myriad vulnerabilities. Enter a good cryptographically secure pseudorandom number generator (CSPRNG).

We’ll discuss the importance of using good sources of randomness, the CSPRNG options we had in PHP 5, and how the new-goodness CSPRNG functions in PHP 7 work under the hood.

Sammy's talk on the importance of sufficiently random input to application security was insightful and entertaining. Also, it didn't hurt to have been on the receiving end of a give-a-way of one of the rare PHP Elephants by PHP Roundtable!